On 30.05.2016 at 21:07, Alex wrote:
>> it's nonsense to give points for dynamic enduser machines, they are
>> *typically* on a lot of blacklists and the users behind are changing all the
>> time
>>
>> when you want to know why - try to use sbl-xbl as suggested by spiderlabs
>> for a web-application-firewall, did that *only* for form-submissions and
>> reverted it after a few hours on a Sunday because support hell with no good
>> excuse

> Yeah, that's it exactly. Particularly overseas where it doesn't appear
> NAT and/or submission are used as readily as they are here.

with carrier grade NAT and "DS-Lite" aka "public ipv6 but NAT ipv4" becoming more and more common the problem is and will be growing fast

> So even though that IP is on virtually every blacklist, you wouldn't
> add any points? And there's nothing further the user could do to fix
> the problem, given the dynamic nature of the IP?

no, see above

with enough blacklists in the scoring for last-external you get the offending mailservers with hacked user accounts blacklisted fast enough and in many cases faster because the submission IPs of a hacked account are changing fast

saw that the very few times it happened for customers of ours where the submission clients came from all over the world - because of rate-limiting and a good monitoring of the mailqueue (how many mails are queued to the outside world) it was each time a short enough timeframe to shut down the affected account and avoid blacklisting (some abuse reports answered promptly)

so at the end of the day it's enough to check the last-external for good results and not affect innocent clients which got a dynamic address abused 30 minutes before by a different enduser or by a user sitting behind the same ISP NAT
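
Added example, not part of the original message: a sketch of the "last-external only" selection discussed in this thread, showing which hop from a message's Received chain is turned into a DNSBL query and which deeper hops (the dynamic client address) are left unscored. The trusted range, the sample headers and the zone `dnsbl.example` are constructed placeholders, and no DNS lookup is performed.

```python
import email
import ipaddress
import re

# Assumption: relays we operate ourselves (hypothetical documentation range).
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: a user on a dynamic address submits through the ISP's
# mail server, which delivers to our MX, which hands over to our mail store.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby store.example.net; Mon, 30 May 2016 21:00:03 +0200
Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])
\tby mx1.example.net; Mon, 30 May 2016 21:00:02 +0200
Received: from dsl-pool (dsl-pool.isp.example [203.0.113.77])
\tby smtp.isp.example; Mon, 30 May 2016 21:00:01 +0200
From: user@isp.example
Subject: test

body
"""

def relay_ips(raw):
    """Relay IPs taken from the Received headers, newest hop first."""
    msg = email.message_from_string(raw)
    ips = []
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_IP.search(hdr)
        if m:
            ips.append(ipaddress.ip_address(m.group(1)))
    return ips

def split_hops(raw):
    """Return (last_external, deeper_hops); only the first one gets scored."""
    ips = relay_ips(raw)
    for i, ip in enumerate(ips):
        if not any(ip in net for net in TRUSTED):
            return ip, ips[i + 1:]
    return None, []

def dnsbl_name(ip, zone):
    """DNSBL query name: octets reversed, then the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

if __name__ == "__main__":
    scored, ignored = split_hops(SAMPLE)
    print("query:", dnsbl_name(scored, "dnsbl.example"))
    print("not scored:", [str(ip) for ip in ignored])
```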
